Anti-virus and malware policy

Objective: Protect university information resources from malicious programs and viruses.

Scope: All university information systems (servers, desktops, laptops, tablets, networks, storage).

General Rules:

• Reliable Software: Use licensed and updated anti-virus/anti-malware.
• Threat Reporting: Report undetected viruses to software providers.
• Regular Scans: Perform periodic file scans.
• Program Evaluation: Regularly assess anti-virus software effectiveness.
• Email Integration: Align email policies with anti-virus requirements.

System Administrator Duties:

• Change Management: Control and approve anti-virus software changes.
• Periodic Updates: Ensure regular software updates.
• Update Monitoring: Track virus definition updates.
• Device Isolation: Isolate infected devices.
• Hardware Scans: Perform regular hardware scans.

Information Security Manager Duties:

• Review Requests: Review anti-virus software change requests.
• Awareness: Educate employees about malware threats.
• Technical Support: Assist with malware incidents.

Worker Duties:

• Policy Compliance: Follow acceptable use policies for downloads.
• Threat Reporting: Report suspected viruses immediately.
• No Unlicensed Software: Avoid unlicensed programs.
• Media Inspection: Scan storage media for viruses.

Detailed Simulation:

• Acceptable Policy:
  • Licensed, updated software.
  • Regular scans.
  • Prompt provider contact for new threats.
  • Device isolation.
  • Tested backups.
  • Result: Quick virus detection, isolation, and recovery.
• Unacceptable Policy:
  • Outdated software.
  • No periodic scans.
  • Delayed response to virus detection.
  • Outdated backups.
  • Result: Widespread infection, data loss, failed recovery.

Conclusion:

• Effective policy: Modern software, updates, isolation, healthy backups.
• Ineffective policy: Lack of updates, organization, leading to data loss.
• Proper anti-virus implementation is critical for protecting information and systems.